DHCP Snooping是一种DHCP安全特性,可以用于防御一些攻击,下列哪些是DHCP Snooping能够防御的攻击()。A.防御改变CHADDR值的饿死攻击B.防御DHCP仿冒者攻击C.防御TCP flag攻击D.防御中间人攻击和IP/MAC Spoofing攻击
题目
A.防御改变CHADDR值的饿死攻击
B.防御DHCP仿冒者攻击
C.防御TCP flag攻击
D.防御中间人攻击和IP/MAC Spoofing攻击
相似考题
更多“DHCP Snooping是一种DHCP安全特性,可以用于防御一些攻击,下列哪些是DHCP Snooping能够防御的攻击()。 ”相关问题
-
第1题:
DHCP Snooping是一种DHCP的安全特性,关于DHCP Snooping的说法,以下正确的是()。A.DHCP Snooping绑定表分为动态绑定表和静态绑定表
B.DHCP Snooping区分信任端口和非信任端口,对非信任端口,不处理DHCP Reply报文
C.静态绑定表在报文入端口手工输入,也可以手工设置表项老化时间
D.在二层上应用DHCP Snooping时,不配置Option82功能也可以获得绑定表所需的接口信息
参考答案:A, B, D
-
第2题:
阅读以下说明,回答问题1~3,将解答填入答题纸的对应栏内。
某公司的网络拓扑结构如图3-1所示。其中的DHCP server安装的Linux系统。
【问题2】(6分)
若内部网络PC1上用户私自安装了dhcp服务器,则可能导致内网的用户无法获得正确的地址。要解决这个问题,可以在交换机上开启 (6) 功能,通过这种方式将交换机的(7)即接口设置为(8)接口。
(6)备选答案:
A、dhcp snooping B、dhcp relay C、dhcp discover D、dhcp unicast
(8)备选答案:
A、trust B、untrust C、dmz D、snooping答案:解析:(6)A (7) G0/0/2 (8) A -
第3题:
ARP-CHECK功能检查ARP报文合法性的来源有()
- A、IP+MAC的端口安全
- B、DHCP Snooping+IP Sourceguard
- C、dot1x授权
- D、DHCP Snooping表
正确答案:A,B,C -
第4题:
Which is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled?()
- A、DHCP requests will be switched in the software, which may result in lengthy response times.
- B、The switch will run out of ACL hardware resources.
- C、All DHCP requests will pass through the switch untested.
- D、The DHCP server reply will be dropped and the client will not be able to obtain an IP address.
正确答案:D -
第5题:
The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()
- A、 MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
- B、 Port scanners are the most effective defense against dynamic ARP inspection.
- C、 MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.
- D、 Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
- E、 DHCP snooping sends unauthorized replies to DHCP queries.
- F、 ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
- G、 None of the other alternatives apply.
正确答案:A -
第6题:
DHCP snooping on Cisco Nexus 1000V Series Switches acts like a firewall between untrusted hosts and trusted DHCP servers by doing which of these? ()
- A、 validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP servers
- B、 intercepts all ARP requests and responses on untrusted ports
- C、 builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses
- D、 uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts
- E、 limits IP traffic on an interface to only those sources that have an IP-MAC address binding table entry or static IP source entry
正确答案:A,C,D -
第7题:
下面哪项不是防范ARP攻击的有效方法()。
- A、IP-MAC静态绑定
- B、使用类似port security的功能
- C、加强用户权限控制
- D、DHCP Snooping+DAI技术
正确答案:C -
第8题:
单选题Which is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled?()ADHCP requests will be switched in the software, which may result in lengthy response times.
BThe switch will run out of ACL hardware resources.
CAll DHCP requests will pass through the switch untested.
DThe DHCP server reply will be dropped and the client will not be able to obtain an IP address.
正确答案: C解析: 暂无解析 -
第9题:
多选题DHCP Snooping是一种DHCP安全特性,可以用于防御一些攻击,下列哪些是DHCP Snooping能够防御的攻击()。A防御改变CHADDR值的饿死攻击
B防御DHCP仿冒者攻击
C防御TCP flag攻击
D防御中间人攻击和IP/MAC Spoofing攻击
正确答案: A,B解析: 暂无解析 -
第10题:
多选题As the network technician at Company, you need to configure DHCP snooping on a new switch. Which three steps are required? ()AConfigure the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCP request messages.
BConfigure DHCP snooping globally.
CConfigure the switch as a DHCP server.
DConfigure DHCP snooping on an interface.
EConfigure all interfaces as DHCP snooping trusted interfaces.
FConfigure DHCP snooping on a VLAN or range of VLANs.
正确答案: A,D解析: 暂无解析 -
第11题:
多选题DHCP Snooping是一种DHCP安全特性,可以用于防御多种攻击,其中包括()A防御改变CHADOR值的饿死攻击
B防御DHCP仿冒者攻击
C防御TCpflag攻击
D防御中间人攻击和IP/MACSpoofing攻击
正确答案: D,A解析: 暂无解析 -
第12题:
单选题中间人攻击或IP/MACSpoofing攻击都会导致信息泄露等危害,且在内网中比较觉。为了防止中间人攻击或IP/MACSpoofing攻击,可以采取的配置方法有:()A配置trust/untrusted接口
B限制交换机接口上允许学习到的最多MAC地址数目
C开启DHCPSnooping检查DHCP REQUEST报文中CHADOR字段的功能
D在交换机上配置DHCP Snooping域DAI或IPSG进行联动
正确答案: C解析: 暂无解析 -
第13题:
下面哪项不是防范ARP攻击的有效方法()。A.IP-MAC静态绑定
B.使用类似port security的功能
C.加强用户权限控制
D.DHCP Snooping+DAI技术
参考答案:C
-
第14题:
在启动了DHCP的网络有可能会发生什么类型的攻击?()
- A、攻击者使用相同的IP地址以造成IP冲突
- B、攻击者截取客户端发出的DHCP单播请求并修改报文内容
- C、攻击者冒充DHCP服务器
- D、攻击者冒充DHCP客户端
正确答案:C -
第15题:
当网络中出现中间人攻击时,采取什么方式防御().
- A、端口安全
- B、访问控制列表
- C、第3层交换
- D、DHCP监听
正确答案:D -
第16题:
Which of the following types of attacks does DHCP snooping prevent?(Choose all that apply.)()
- A、Attacker sends multiple DHCP requests flooding DHCP server
- B、Attacker connects rogue server initiating DHCP requests
- C、Attacker connects rogue server replying to DHCP requests
- D、Attacker sends DHCP jam signal causing DHCP server to crash
- E、Attacker sends gratuitous ARP replies, thereby jamming the DHCP server
- F、Attacker sends unsolicited DHCP replies, thereby jamming the DHCP server
正确答案:A,C -
第17题:
Which three statements about the DHCP snooping feature on Cisco Nexus switches are true? ()
- A、 DHCP snooping commands are not available until the feature is enabled with the feature dhcp- snooping command.
- B、 When you enable the DHCP snooping feature, the switch begins building and maintaining the DHCP snooping binding database.
- C、 The switch will not validate DHCP messages received or use the DHCP snooping binding database to validate subsequent requests from untrusted hosts until DHCP snooping is enabled globally and for each specific VLAN.
- D、 Globally disabling DHCP snooping removes all DHCP snooping configuration on the switch.
- E、 Globally disabling DHCP snooping does not remove any DHCP snooping configuration or the configuration of other features that are dependent upon the DHCP snooping feature.
正确答案:B,C,E -
第18题:
DHCP监听(DHCPSnooping)是一种DHCP安全特性,可以有效防范DHCPSnooping攻击,以下哪条不是该安全特性的描述()。
- A、比较DHCP请求报文的(报文头里的)源MAC地址和(报文内用里的)DHCP客户机的硬件地址(即CHADDR字段)是否一致
- B、将交换机端口划分为信任端口和非信任端口两类
- C、限制端口被允许访问的MAC地址的最大条目
- D、对端口的DHCP报文进行限速
正确答案:C -
第19题:
多选题Which of the following types of attacks does DHCP snooping prevent?(Choose all that apply.)()AAttacker sends multiple DHCP requests flooding DHCP server
BAttacker connects rogue server initiating DHCP requests
CAttacker connects rogue server replying to DHCP requests
DAttacker sends DHCP jam signal causing DHCP server to crash
EAttacker sends gratuitous ARP replies, thereby jamming the DHCP server
FAttacker sends unsolicited DHCP replies, thereby jamming the DHCP server
正确答案: E,C解析: 暂无解析 -
第20题:
单选题DHCP Snooping是一种DHCP的安全特性,关于DHCP Snooping的说法,下列描述错误的是()ADHCP Snooping绑定表分为动态绑定表和静态绑定表
BDHCP Snooping区分信任端口和非信任端口,对非信任端口,不处理DHCPReply报文
C静态绑定表在报文入端口手工输入,也可以手工设置表项老化时间
D在二层上应用DHCP Snooping,不配置Option82功能也可以获得绑定表所需的接门信息
正确答案: A解析: 暂无解析 -
第21题:
多选题DHCP Snooping是一种DHCP的安全特性,关于DHCP Snooping的说法,以下正确的是()。ADHCP Snooping绑定表分为动态绑定表和静态绑定表
BDHCP Snooping区分信任端口和非信任端口,对非信任端口,不处理DHCP Reply报文
C静态绑定表在报文入端口手工输入,也可以手工设置表项老化时间
D在二层上应用DHCP Snooping时,不配置Option82功能也可以获得绑定表所需的接口信息
正确答案: A,C解析: 暂无解析 -
第22题:
多选题DHCPSnooping作为有效的安全机制,可以防止以下哪些攻击()A防止DHCP防冒者攻击
B防止对DHCP服务器的DOS攻击
C防止MAC地址泛洪攻击
D结合DAI功能对数据包的源MAC地址进行检查
E结合IPSG功能对数据包的源IP地址进行检查
正确答案: D,B解析: 暂无解析 -
第23题:
单选题中间人攻击或IP/MAC Spoofing攻击会导致信息泄露等危害,在内网中比较常见,为了防止中间人攻击或IP/MAC Spoofing攻击,可以采取的方法有()。A配置Trusted/Untrusted接口
B限制交换机接口上允许学习到的最多MAC地址数目
C使用DHCP Snooping检查DHCP REQUEST报文中CHADDR字段的功能
D在交换机上配置DHCP Snooping功能
正确答案: D解析: 暂无解析 -
第24题:
多选题Which three statements about the DHCP snooping feature on Cisco Nexus switches are true? ()ADHCP snooping commands are not available until the feature is enabled with the feature dhcp- snooping command.
BWhen you enable the DHCP snooping feature, the switch begins building and maintaining the DHCP snooping binding database.
CThe switch will not validate DHCP messages received or use the DHCP snooping binding database to validate subsequent requests from untrusted hosts until DHCP snooping is enabled globally and for each specific VLAN.
DGlobally disabling DHCP snooping removes all DHCP snooping configuration on the switch.
EGlobally disabling DHCP snooping does not remove any DHCP snooping configuration or the configuration of other features that are dependent upon the DHCP snooping feature.
正确答案: D,C解析: 暂无解析